Appellants invoke our review under 35 U.S.C. § 134(a) from the final
rejection of claims 1-45. We have jurisdiction under 35 U.S.C. § 6(b). We 
affirm. 

STATEMENT OF THE CASE^1

Appellants claim a computer network system and method to control
user access to stored datasets that are labeled with dataset access categories.
A user requesting access to a dataset is a member of one of several user
groups. Each user group is identified as having a certain dataset access
category authorization. The user establishes authenticated identity as a
member of a user group, and, thereby, is assigned to have access to the
dataset with the same dataset access category as the user group that is
enabled for the authenticated user.^2 Claim 1 is illustrative:

1. A method for computer security to control access to data held 
on a computer system as requestable datasets, said method comprising 
the steps of: 

allocating human users of a computer system between a 
plurality of user groups as members thereof wherein not all user 
groups have only a single member and membership of a user group 
having multiple members is authentically evidenced by provision of 
user group identity information common to such members, each user 
group corresponding to a respective dataset access category selected 
from a plurality of such categories such that all members of each user 
group having multiple members are associated with a dataset access 
category which is common to members of that user group; 



providing for each dataset a dataset access category selected
from said plurality of such categories and associated with a criterion
for access to that dataset by computer system users; and

giving access to a dataset to a member of a user group with
multiple members in response to such member providing
authenticated evidence of membership of that user group and
members of that user group being associated with a common dataset
access category which enables access to that dataset.

^1 Throughout this opinion we refer to the Specification filed Mar. 19, 2002,
the Appeal Brief filed Aug. 20, 2007, the Examiner's Answer mailed Nov.
21, 2007, and the Reply Brief filed Jan. 22, 2008, for their respective details.
^2 See generally Abstract; Spec. 9:29-17:16; Figs. 1, 2, 6.

The Examiner relies on the following prior art references to show
unpatentability:^3

Baker     US 5,696,898     Dec. 9, 1997
Hayman    US 5,859,966     Jan. 12, 1999
McNabb    US 6,289,462 B1  Sep. 11, 2001
Hsiao     US 6,496,944 B1  Dec. 17, 2002

Lein Harn & Shoubao Yang, ID-Based Cryptographic Schemes for User
Identification, Digital Signature, and Key Distribution, 11 IEEE J. on
Selected Areas Comm. 757-60 (June 1993) [hereinafter Harn].

Netscape Communications Corporation, Administrator's Guide: Netscape
Messaging Server Version 3.0, 57-58 (1995) [hereinafter Netscape].

James Davis et al., An Implementation of MLS on a Network of Workstations
Using X.500/509, IEEE Performance, Computing, & Comm. Conf. 546-53
(1997) [hereinafter Davis].

The Examiner, under 35 U.S.C. § 103(a), rejected: 

1. Claims 1-5, 11-13, 17, 19-23, 29, 31, 32, 38, 41, 44, and 45 as 
unpatentable over Baker and Davis (Ans. 3-9); 

2. Claims 6, 24, 39, and 42 as unpatentable over Baker, Davis, and Hsiao 
(Ans. 9-10); 

3. Claims 7 and 25 as unpatentable over Baker and Davis (Ans. 10-11); 



4. Claims 8, 9, 26, and 27 as unpatentable over Baker, Davis, and Harn
(Ans. 11-13);

5. Claims 10, 28, and 34 as unpatentable over Baker, Davis, and
McNabb (Ans. 13-14);

6. Claims 14-16, 30, and 33 as unpatentable over Baker, Davis, and
Hayman (Ans. 14-15);

7. Claim 18 as unpatentable over Baker, Davis, Hayman, and Netscape
(Ans. 15);

8. Claim 35 as unpatentable over Baker and Davis (Ans. 16);

9. Claim 36 as unpatentable over Baker, Davis, and Hsiao (Ans. 16);^4

10. Claim 37 as unpatentable over Baker and Davis (Ans. 16); and

11. Claims 40 and 43 as unpatentable over Baker, Davis, and Harn (Ans.
16-18).

^3 Effective filing dates are not at issue.

ISSUE 

Based on the Examiner's findings and conclusions (see Ans. 3-5, 18-21)
and Appellants' contentions (see App. Br. 23-30; Reply Br. 2-10), did
the Examiner err in determining that Baker and Davis, alone or in 
combination, teach or suggest (i) allocating computer system human users 
between a plurality of user groups wherein members of each user group are 
associated with a dataset access category common to the user group; and (ii) 
giving dataset access to a member in response to such member providing 
authenticated evidence of user group membership as recited in claim 1? 



^4 This rejection is not addressed by Appellants. Accordingly, based on
Appellants' waived argument, we will sustain the Examiner's rejection of
claim 36. See 37 C.F.R. § 41.37(c)(1)(vii).

PRINCIPLES OF LAW
Analysis of claim rejections begins with a determination of claim
scope. We determine claim scope not solely on the basis of claim language,
but also on giving claims their broadest reasonable construction in light of
the specification as it would be interpreted by one of ordinary skill in the art.
In re Am. Acad. of Sci. Tech Ctr., 367 F.3d 1359, 1364 (Fed. Cir. 2004). See
also SuperGuide Corp. v. DirecTV Enters., Inc., 358 F.3d 870, 875 (Fed. 
Cir. 2004) ("Though understanding the claim language may be aided by the 
explanations contained in the written description, it is important not to 
import into a claim limitations that are not a part of the claim."). 

ANALYSIS 

Claims 1-5, 7, 11-13, 17, 19-23, 25, 29, 31, 32, 35, 37, 38, 40, 41,
and 43-45

These claims rejected under § 103(a) as unpatentable over Baker and 
Davis are collectively asserted by Appellants as being patentable (see App. 
Br. 30, 32, 36). Appellants argue selected limitations that are substantively 
characterized as being recited in all of included independent claims 1, 19, 
32, 35, 38, 40, 41, and 43-45 (App. Br. 24-30, 32, 36). The dependent 
claims are argued to be patentable because of their dependencies from the 
included base independent claims. We, accordingly, select independent 
claim 1 as representative. See 37 C.F.R. § 41.37(c)(1)(vii).

I 

Appellants commence by contending that Baker fails to teach or 
suggest "'allocating' human users between a plurality of user groups" (App. 
Br. 24). The Examiner finds that Baker discloses that "the [reference taught] 
invention could also be modified to recognize classes of users and/or user
terminals" (col. 4, ll. 47-49), and, therefore, Baker teaches that "users have
been classified into different classes" (Ans. 18). From our study of Baker,
we agree with and adopt this finding. Appellants contend:

Baker does NOT disclose human users allocated to different 
classes: users may be in different classes but they are NOT 
allocated to them by Baker and Baker does not disclose 
recognition of their class instead of each human user's identity. 
. . . The whole point of Appellants' invention is that it replaces 
recognition of each individual person's identity with 
recognition of a group identity common to multiple group 
members. 

(Reply Br. 2-3.) Despite the bald assertion to the "Appellants' invention," 
Appellants do not cite to Specification disclosures and explain some 
consequently narrowed claim construction. In these circumstances, we look 
to the broadest reasonable construction for the claim 1 recited "allocating 
human users . . . between a plurality of user groups as members thereof." 
Am. Acad. of Sci. Tech Ctr., 367 F.3d at 1364. As such, we broadly construe
this claim limitation to cover allocating users between user groups as
members thereof. We consequently agree with the Examiner because we
find that Baker teaches classifying users into different classes, and,
therefore, Baker teaches "allocat[ing users] into user groups as claimed"
(Ans. 18). 

II 

Appellants also contend that Baker fails to disclose "human users" 
(App. Br. 25-26). As discussed supra, we adopt the Examiner's finding that 
Baker teaches "'recogniz[ing] classes of users and/or user terminals'" from 
which the Examiner concludes "that human computer users are being 
discussed" (Ans. 18 (quoting Baker, col. 4, ll. 48-49)). Appellants do not
assert that Baker teaches or suggests that Baker's disclosed users are not 
human by identifying some other category for such users. We, accordingly, 
are not persuaded by Appellants' contentions that Baker is somehow 
deficient in teaching human users. 

III

Appellants further contend that Baker is deficient with respect to 
"identification of 'a data access category which is common to members of 
that user group'" (App. Br. 26). What Appellants argue is that "Baker only 
discusses control of access to data either by restricting data which a terminal 
can access or by the use of a personal password unique to an individual and 
not by a dataset access category being common to human members of a user 
group" (App. Br. 26). The Examiner finds that Baker, at column 5, lines 10- 
12, discloses a database listing of directory and/or subdirectory identifiers 
that a particular user or user group would use to be granted or denied access 
to data (Ans. 19). From our study of Baker, we agree with and adopt this 
finding. Appellants do not contest this finding, but, instead, argue that 
Baker uses data location to control access (Reply Br. 5). Further, Appellants 
assert that "it is an important advantage of Appellants' invention over Baker
that it is not data location dependent" (id.). Not addressed by
Appellants, however, is the claim 1 step of "providing for each dataset a
dataset access category," which associates datasets with dataset access 
categories. Again, Appellants do not cite to Specification disclosures and 
explain some consequently narrowed claim construction. On this record, we 
agree with the Examiner that Baker is read on by the claim 1 recited "each 
user group correspond[s] to a respective dataset access category [i.e., Baker
identifier] . . . such that all members of each user group . . . are associated
with a dataset access category which is common to members of that user
group." 

IV 

Next, Appellants contend that neither Baker nor Davis teaches
providing data access "in response to such member providing authenticated
evidence of membership of that user group" as recited in claim 1 (App. Br.
27; see also App. Br. 29-30). The Examiner acknowledges that Baker does
not disclose this subject matter (Ans. 4). Turning to Davis, the Examiner
finds disclosure of a public key from a user's Certificate to verify the
identity of the user (Ans. 4-5 (citing Davis 553)). From our study of Davis,
we agree with the Examiner and adopt this finding. Further, we find this
identity verification is performed using a Davis access server (Davis 553).
Appellants further argue:

[T]he Examiner incorrectly suggests that the issue is
authenticating an individual user, which is quite wrong and
confuses authentication of a system user's identity with
authentication of a user group's identity. Authenticating a
system user's identity is irrelevant because Appellants' claimed
invention does not need do this. As has been previously noted,
Appellants' invention avoids the need to identify an individual
requiring access to data, and instead identifies and authenticates
the group to which such an individual has been allocated by
Appellants' invention.

(Reply Br. 6-7.) What claim 1 recites is "giving access . . . to a member of a
user group . . . in response to such member providing authenticated evidence
of membership of that user group." This limitation recites that a user
provides evidence of membership in a user group. Appellants, as part of the
argument, discuss the Davis disclosed example of a "user Jane Baker" 
requesting access to an object, i.e., stored data, and her identity being 
verified (Reply Br. 7). We find that Davis discloses for this example that if 
Jane Baker's "identity is verified, [an] access server compares ... the groups 
allowed access to the requested object" in order to determine if a data access 
request from Jane Baker should be granted (Davis 553). In summary, we
find the Davis access server both verifies user identity, and also correlates 
groups with the data for which access is allowed to grant verified user 
members of authorized groups access to the identified data. Accordingly, 
we are not persuaded by Appellants' argument, because we find that Davis 
teaches authenticating a user's identity as a member of an authorized user 
group in order to allow data access. 

V 

Appellants finally contend that the Examiner failed to provide a
"reason" or "motivation" for combining Baker and Davis (App. Br. 28; see
also Reply Br. 7-8). Appellants' contentions are made as conclusion
statements without acknowledging the Examiner's stated reasoning in the
Final Action, where in part it is explained that:

[I]t is extremely common and well known in the art for access 
control systems to implement some method of authenticating a 
user identity. It would be obvious for one to modify Baker such 
that it included a step for authenticating the user identity for 
determining access privileges. Motivation as commonly 
understood, would simply be to ensure that the user is who 
he/she says he/she is. Moreover, Davis discloses a database 
system wherein the user identity is authenticated. 
Motivation for one of ordinary skill in the art at the time
of the invention to modify Baker as discussed above would 
have been to "provide a framework of authentication services 
by the directory to its users" (Davis, page 548 under heading 
B). It can be understood by one of ordinary skill that the Baker 
architecture when developed in the directory structure would 
clearly necessitate an enhanced form of security offered by the 
certificate system. 

(Final Action 4-5.) Our reviewing court in addressing obviousness
rejections has explained that "there must be some articulated reasoning with
some rational underpinning to support the legal conclusion of obviousness."
In re Kahn, 441 F.3d 977, 988 (Fed. Cir. 2006); see also KSR Int'l Co. v.
Teleflex Inc., 550 U.S. 398, 418 (2007). In this circumstance, we find that
the Examiner has set out articulated reasoning premised from at least
increasing security by confirming data requester identities (i.e., individuals
and groups) with rational underpinning premised from at least cited Davis
disclosures. Accordingly, we are not persuaded by Appellants' contentions
that do not address the Examiner's reasoning and rationale.

For the foregoing reasons, we will sustain the rejection of
representative claim 1, and also the rejection of the other independent claims
19, 32, 35, 38, 40, 41, and 43-45. Further, we will sustain the rejection of
claims 2-5, 7, 11-13, 17, 20-23, 25, 29, 31, and 37 that fall with the
respective independent claims.

Claims 6, 8-10, 14-16, 18, 24, 26-28, 30, 33, 34, 39, and 42 
These dependent claims rejected under § 103(a) as unpatentable over 
combinations of Baker, Davis, Hsiao, McNabb, Hayman, Harn, and 
Netscape are asserted to be patentable because of arguments addressed supra 
for their respective independent base claims, including conclusion assertions 
that there is a lack of "reason" or "motivation" for combining references
(App. Br. 31-35). For the reasons indicated previously in addressing the 
rejections of the base independent claims, we will sustain the Examiner's 
rejections of these dependent claims. 

CONCLUSION OF LAW 
The Examiner did not err in determining that Baker and Davis, alone
or in combination, teach or suggest (i) allocating computer system human
users between a plurality of user groups wherein members of each user
group are associated with a dataset access category common to the user
group; and (ii) giving dataset access to a member in response to such 
member providing authenticated evidence of user group membership as 
recited in representative claim 1. 

ORDER 

The Examiner's decision rejecting claims 1-45 is affirmed. 
No time period for taking any subsequent action in connection with 
this appeal may be extended under 37 C.F.R. § 1.136(a)(1)(iv).

AFFIRMED 

babe 

NIXON & VANDERHYE, PC
901 NORTH GLEBE ROAD, 11TH FLOOR
ARLINGTON, VA 22203